United States Patent and Trademark Office

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS

APPLICATION NO.: 10/822,069
FILING DATE: 04/09/2004
FIRST NAMED INVENTOR: Jeffrey A. Kraemer
ATTORNEY DOCKET NO.:
CONFIRMATION NO.:

58406 7590 06/09/2008

BARRY W. CHAPIN, ESQ.
CHAPIN INTELLECTUAL PROPERTY LAW, LLC
WESTBOROUGH OFFICE PARK
1700 WEST PARK DRIVE, SUITE 280
WESTBOROUGH, MA 01581

DOAN, TRANG T

PAPER NUMBER:
DELIVERY MODE:

Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 





Application No.: 10/822,069
Applicant(s): KRAEMER ET AL.
Examiner: TRANG DOAN
Art Unit: 2131

-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --

Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 30 July 2007.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-98 is/are pending in the application.
4a) Of the above claim(s) ___ is/are withdrawn from consideration.
5) [ ] Claim(s) ___ is/are allowed.
6) [X] Claim(s) 1-98 is/are rejected.
7) [ ] Claim(s) ___ is/are objected to.
8) [ ] Claim(s) ___ are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [X] The drawing(s) filed on 09 April 2004 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. ___.
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s)

1) [X] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO/SB/08)
   Paper No(s)/Mail Date ___.
4) [ ] Interview Summary (PTO-413)
   Paper No(s)/Mail Date ___.
5) [ ] Notice of Informal Patent Application
6) [ ] Other: ___.

PTOL-326 (Rev. 08-06)   Office Action Summary   Part of Paper No./Mail Date 20080605



Application/Control Number: 10/822,069 
Art Unit: 2131 






DETAILED ACTION 

1. Claims 1-98 are pending for consideration.

Claim Rejections - 35 USC §112 

2. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claims 1, 21, 41, 61 and 81 are rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

Regarding claims 1, 21, 41, 61 and 81, Examiner is not sure if the limitation "a
reference monitor simulator" in line 1 and the limitation "a reference monitor" in line 2
refer to the same simulator or they are two separate simulators.

In addition to claims 1, 21, 41 and 61, Examiner does not know what Applicant
means by the limitation "under a given set of circumstances" in line 5. Do these
circumstances relate to the resource or the security rule? See Morton Int'l, Inc. v.
Cardinal Chem. Co., 5 F.3d 1464, 1470, 28 USPQ2d 1190, 1195 (Fed. Cir. 1993).

Regarding claim 81, Examiner does not know what Applicant means by the
limitation "accessing the effectiveness of the security rule" in line 6. See Morton Int'l,
Inc. v. Cardinal Chem. Co., 5 F.3d 1464, 1470, 28 USPQ2d 1190, 1195 (Fed. Cir. 1993).

Appropriate correction is required. 

Claim Rejections - 35 USC § 101

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 61-80 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Regarding claim 61, this claim recites a signal embodied in a transmission
medium, the signal operable to provide a reference monitor simulator to recreate the 
operations performed by a first reference monitor. The signal recited in claim 61 (i.e., a 
form of energy) does not fall within one of the four statutory classes of an invention 
(method/process, article of manufacture, a composition of matter, or machine). 
According to the Interim Guidelines for Examination of Patent Applications, claims that 
recite nothing but the physical characteristics of a form of energy, such as a frequency, 
voltage, or the strength of a magnetic field, define energy or magnetism, per se, and as 
such are nonstatutory natural phenomena. O'Reilly, 56 U.S. (15 How.) at 112-14. 

The dependent claims depend on the rejected base claim, and are
rejected for the same rationale.

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

7. Claims 1-98 are rejected under 35 U.S.C. 102(b) as being anticipated by Carter 
et al. (US 2003/0051026) (hereinafter Carter). 

Regarding claim 1, 21, 41, 61 and 81, Carter discloses:

(A) defining at least one security rule specifying whether to allow or deny a 
request to access at least one resource under a given set of circumstances (Carter: See 
Abstract section and paragraphs 0168-0169, 0171, 0258, 0607 and 0802-0803: four 
sets of policies included in the Network Surveillance and Security System that govern 
access to databases (i.e., resource)); 

(B) supplying at least one request to access a resource (Carter: See paragraphs 
0180, 0652 and 0755: A Security Reference Monitor is a hidden controller that makes 
references against the Security Reference Database whenever the Security Reference 
Monitor detects that the Security Authorization Database receives a request for access); 
and 

(C) applying the at least one security rule in response to the at least one request 
to access a resource to determine whether to allow or prevent the at least one request 
(Carter: See paragraphs 0180, 0785 and 0797-0803: the watchdog system may use its 
own policies to permit or deny access, or it may pass the decision to other components 
of the Network Surveillance and Security System). 

Regarding claim 2, 22, 42, 62 and 82, Carter further discloses providing at least 
one parameter defining the system environment in which the reference monitor 
executes (Carter: paragraphs 0211-0216). 

Regarding claim 3, 23, 43, 63 and 83, Carter further discloses wherein the at
least one parameter includes a time parameter which defines the passage of time 
perceived by the computer system (Carter: paragraphs 0147 and 0591). 

Regarding claim 4, 24, 44, 64 and 84, Carter further discloses wherein the 
passage of time indicated by the time parameter is faster than the actual passage of 
time (Carter: paragraph 0310).

Regarding claim 5, 25, 45, 65 and 85, Carter further discloses wherein the 
passage of time indicated by the time parameter enables the computer system to 
execute the reference monitor simulator in an accelerated manner (Carter: See Abstract 
section and paragraph 0306: the invention autonomously alters its security policies in 
response to ongoing events). 

Regarding claim 6, 26, 46 and 66, Carter further discloses (D) assessing the 
effectiveness of the at least one security rule (Carter: paragraphs 0222 and 0260). 

Regarding claim 7, 27, 47, 67 and 86, Carter further discloses wherein assessing 
the effectiveness of the security rule further comprises determining at least one of the 
number of improper access requests prevented and the number of proper access 
requests allowed (Carter: paragraphs 0260, 0606-0611 and 0802).

Regarding claim 8, 28, 48, 68 and 87, Carter further discloses wherein assessing 
the effectiveness of the security rule further comprises determining a rate of improper 
requests prevented (Carter: paragraphs 0403 and 0411-0413).

Regarding claim 9, 29, 49, 69 and 70, Carter further discloses wherein (B) further
comprises an application program supplying the at least one request to access a 
resource (Carter: paragraph 0304). 

Regarding claim 10, 30, 50 and 89, Carter further discloses wherein (B) further 
comprises capturing at least one request to access a resource before supplying the at 
least one request to access a resource (Carter: paragraphs 0172 and 0218). 

Regarding claim 11, 31, 51, 71 and 90, Carter further discloses wherein a
reference monitor performs the capture of the at least one request to access a resource 
(Carter: paragraphs 0700 and 0755). 

Regarding claim 12, 32, 52, 72 and 91, Carter further discloses wherein the
reference monitor which performs the capture of the at least one request to access a
resource is the same type of reference monitor as the reference monitor whose
operations are recreated by the reference monitor simulator (Carter: paragraphs
0168-0169, 0180, 0700 and 0755-0756).

Regarding claim 13, 33, 53, 73 and 92, Carter further discloses wherein the 
captured at least one request to access a resource is an improper request (Carter: 
paragraphs 0180 and 0222). 

Regarding claim 14, 34, 54, 74 and 93, Carter further discloses wherein an
improper request comprises a request issued by an application in response to one of a 
virus and a buffer overrun attack (Carter: paragraphs 0180, 0222 and 0674). 

Regarding claim 15, 35, 55, 75 and 94, Carter further discloses wherein the
captured at least one request is modified prior to supplying the at least one request to 
access a resource (Carter: paragraphs 0700 and 0755). 

Regarding claim 16, 36, 56, 76 and 95, Carter further discloses wherein the 
modification is performed by a user (Carter: paragraph 0795). 

Regarding claim 17, 37, 57 and 77, Carter further discloses wherein an electronic 
file system stores the at least one security rule, and wherein (D) further comprises the 
reference monitor simulator accessing the security rule in the electronic file system in 
response to receiving the at least one request to access a resource (Carter: paragraphs 
0260, 0606-0611 and 0802).

Regarding claim 18, 38, 58, 78 and 96, Carter further discloses wherein the at 
least one parameter provided to the reference monitor simulator further includes at least 
one of a system clock, a wrapper function, and a timer event (Carter: paragraph 0880). 

Regarding claim 19, 39, 59, 79 and 97, Carter further discloses (E) maintaining 
statistics on the operation of the reference monitor simulator (Carter: paragraphs 0271 
and 0470). 

Regarding claim 20, 40, 60, 80 and 98, Carter further discloses wherein the 
statistics include at least one of the number of requests per resource, number of total 
requests, type of request per resource, total of each type of request, number of queries, 
number of callbacks, number of requests allowed compared to number of requests 
expected, and number of requests prevented compared to number of prevented 
requests expected (Carter: paragraph 0470). 

Regarding claim 88, this claim has limitations that are similar to those of claim 1,
thus it is rejected with the same rationale applied against claim 1 above.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to TRANG DOAN whose telephone number is
(571) 272-0740. The examiner can normally be reached on Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached on (571) 272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Trang Doan/ 
Examiner, Art Unit 2131 

/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2131 